This article will show you how to properly remove JeepersCrypt ransomware from your computer decrypt files encrypted with the .jeepers extension easy and for free.
A ransomware infection, known as JeepersCrypt ransomware has been reported to wreak havoc on victim computers. The infection aims to perform multiple different modifications on the infected computers including encrypting their files, after which dropping a ransom note, demanding a ransom fee (0.02 BTC) to be paid in order to get the encrypted files restored back to normal. In case you have become a victim of JeepersCrypt ransomware, recommendations are to read the following article
Threat Summary
| Name | JeepersCrypt | |
| Type | Ransomware | |
| Short Description | Encrypts important documents, music, video, images and other files and then demands 0.02 BTC ransom to be paid in 24 hours to get the files back. | |
| Symptoms | JeepersCrypt ransomware uses the .jeepers file extension which is added to the encrypted files. The virus then drops a ransom note, named JeepersCrypt Ransomware. | |
| Distribution Method | Via an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner. | |
| Detection Tool | See If Your System Has Been Affected by JeepersCrypt Download Malware Removal Tool | |
| User Experience | Join our forum to Discuss JeepersCrypt. | |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive. |
.Jeepers File Virus – How Does It Infect
The JeepersCrypt.exe may be spread via a downloader, dropper or other infection malware. Such malicious files may be spread via multiple different methods. One of those is via e-mail spam messages which may include them in the form of either malicious web links or malicious attachments. The e-mail messages being spammed may pretend to be legitimate e-mails claiming the victim has made a purchase or there a letter about to be delivered. Some e-mails may even contain false statements of a suspicious activity on the victim’s bank account. Examples can be seen below:
After JeepersCrypt ransomware infects your computer, the malware begins it’s malicious activity.
JeepersCrypt Ransomware – Infection Activity
After having infected a computer, JeepersCrypt ransomware may drop it’s malicious files in the following Windows locations:
- %AppData%
- %Roaming%
- %Local%
- %LocalLow%
- %SystemDrive%
- %Windows%
- %System32%
In addition to dropping files, the .jeepers file virus may also modify the following Windows Registry sub-keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
After having modified the sub-keys on the registry, the malware may begin the encryption process.
JeepersCrypt Virus – Encryption Process
For the encryption process, .jeepers file virus may target multiple different types of files on your computer. The virus is careful to avoid important system files so that it won’t damage your operating system. Among the encrypted files may be the following:
“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”Source:fileinfo.com
After the encryption process of .jeepers ransomware has completed the files are left no longer openable in the following manner:
JeepersCrypt ransomware, then leaves the following ransom note on the infected computer:
JEEPERSCRYPT Ransomware
All the important archives were encrypted
You have 24 hours to buy a private key to decrypt your files
The key nail and 0.0200 BTC to buy the key
To buy the key contact us via email: [email protected]
And send a message with the following title “I want to buy a key for
Decrypt my files “that I will pass the information on how to buy the key
Fortunately files encrypted by JeepersCrypt ransomware are decryptable, thanks to malware researcher demonslay335, who published a free decryptor from download. Keep reading this article to learn how to remove JeepersCrypt and decrypt the files using this decryption software.
Remove JeepersCrypt Virus
Before the actual decryption takes place, we strongly suggest you to remove JeepersCrypt ransomware using the instructions below. In case manual removal is a challenge for you, security experts always recommend using an advanced anti-malware software to remove the malware automatically and protect your computer in the future as well.
